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Amendments In the Claims 
Please amend Claim 59 as follows: 
1-31. Cancelled. 

32. (Previously Presented) A method of processing a packet comprising: 
matching one or more characteristics of said packet with one or more access 

control specifiers in at least one access control element; 

selecting a highest priority match based on a type of an access control specifier of 
the highest priority match, wherein the type of the access control specifier 
of the highest priority match is related to an element of a packet header to 
which the access control specifier of the highest priority match is 
responsive; and 

processing said packet based on said selecting. 

33. (Previously Presented) The method of claim 32, wherein said access 
control element is a content addressable memory. 

34. (Previously Presented) The method of claim 32, wherein said matching 
and said processing is done in parallel. 

35. (Previously Presented) The method of claim 32, wherein said 
characteristics of said packet comprises one or more of a source address, a destination 
address, a source port, a destination port, a protocol type, an input interface and an output 
interface. 

36. (Previously Presented) The method of claim 32, wherein said 
characteristics of said packet comprises data carried by said packet in a packet header. 

37. (Previously Presented) The method of claim 32, further comprising: 
receiving said packet. 

38. (Previously Presented) The method of claim 32, further comprising: 
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identifying one or more of said access control specifiers based on said matching. 

39. (Previously Presented) The method of claim 37, further comprising: 
prioritizing said one or more of said access control specifiers identified based on 

said matching to generate a set of prioritized access control specifiers. 

40. (Previously Presented) The method of claim 39, wherein said prioritizing 
is done in parallel by a priority encoder. 

41 . (Previously Presented) The method of claim 39, wherein said prioritizing 
is done based on an address of said access control specifiers in said access control 
element. 

42. (Previously Presented) . The method of claim 39, wherein said processing 
is done based on said set of prioritized access control specifiers. 

43. (Previously Presented) The method of claim 32, wherein said processing 
further comprising: 

if said packet requires processing by a higher-level processor, 
forwarding said packet to said higher-level processor. 

44. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires dropping, 

dropping said packet. 

45. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires forwarding, 

forwarding said packet. 



-3- 



SerialNo.: 10/087,342 



PATENT 

46. (Previously Presented) A system for processing a packet comprising: 
one or more access control specifiers, wherein said one or more access control 

specifiers are of one or more types of access control specifiers, said one or 
more types of access control specifiers being related to one or more 
elements of a packet header to which said one or more access control 
specifiers is responsive; 

an access control element, wherein said access control element is configured to 
store said one or more access control specifiers; and 

a priority encoder coupled to said access control element, wherein said priority 
encoder is configured to prioritize in parallel said one or more access 
control specifiers matched with one or more characteristics of said packet 
and to select a highest priority match based on said one or more types of 
access control specifiers. 

47. (Previously Presented) The system of claim 46, wherein said priority 
encoder is further configured to 

prioritize said one or more access control specifiers matched with said one or 

more characteristics of said packet according to an address of said one or 
more access control specifiers in said access control element. 

48. (Previously Presented) The system of claim 46, further comprising: 

a compare unit coupled to said access control unit, wherein said compare unit is 
configured to compare said one or more characteristics of said packet with 
one or more values. 

49. (Previously Presented) The system of claim 48, wherein said one or more 
values are predetermined. 

50. (Previously Presented) The system of claim 48, wherein said one or more 
values are dynamically determined. 
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51. (Previously Presented) The system of claim 48, wherein said compare 
unit is further configured to 

perform arithmetic operation on data carried by said packet in a packet header. 

52. (Previously Presented) The system of claim 48, wherein said compare 
unit is further configured to 

perform logical operation on said data carried by said packet in said packet 
header. 

53. (Previously Presented) The system of claim 46, wherein said access 
control element further comprising: 

an access control memory. 

54. (Previously Presented) The system of claim 53, wherein said access 
control memory is a content-addressable memory. 

55. (Previously Presented) The method of claim 53, wherein said access 
control memory stores at least one of said access control specifier. 

56. (Previously Presented) The system of claim 53, wherein said access 
control specifier further comprising: 

a label match mask configured to determine whether a first corresponding bit of 
said one or more characteristics of said packet is tested; and 

a label match pattern, wherein said label match pattern is compared with a second 
corresponding bit of said one or more characteristics of said packet. 

57. (Previously Presented) The system of claim 46, further comprising: 

a processor, coupled to said access control element, said processor is configured 
to process said packet when said packet is not processed by said access 
control element. 
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58. (Previously Presented) The system of claim 46, further comprising: 

at least one input port coupled to said access control element, wherein said input 

port is configured to receive said packet; and 
at least one output port coupled to said access control element, wherein said 

packet is forwarded via said out put port. 

59. (Currently Amended) A system for processing a packet comprising: 
means for matching one or more characteristics of said packet with one or more 

access control specifiers in at least one access control element; 
means for selecting a highest priority match based on a type of an access control 
specifier of the highest priority match, wherein 
the type of the access control specifier of the highest priority match is 

related to an element of a packet header to which the access control 
specifier of the highest priority match is responsive: and 
means for processing said packet based on said matching. 

60. (Previously Presented) The system of claim 59, wherein said access 
control element is a content addressable memory. 

61 . (Previously Presented) The system of claim 59, wherein said matching 
and said processing is done in parallel. 

62. (Previously Presented) The system of claim 59, wherein said 
characteristics of said packet comprises one or more of a source address, a destination 
address, a source port, a destination port, a protocol type, an input interface and an output 
interface. 

63. (Previously Presented) The system of claim 59, wherein said 
characteristics of said packet comprises data carried by said packet in a packet header. 

64. (Previously Presented) The system of claim 59, further comprising: 
means for receiving said packet. 
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65. (Previously Presented) The system of claim 59, further comprising: 
means for identifying one or more of said access control specifiers based on said 

matching. 

66. (Previously Presented) The system of claim 64, further comprising: 
means for prioritizing said one or more of said access control specifiers identified 

based on said matching to generate a set of prioritized access control 
specifiers. 

67. (Previously Presented) The system of claim 66, wherein said prioritizing 
is done in parallel by a priority encoder. 

68. (Previously Presented) The system of claim 66, wherein said prioritizing 
is done based on an address of said access control specifiers in said access control 
element. 

69. (Previously Presented) The system of claim 66, wherein said processing is 
done based on said set of prioritized access control specifiers. 

70. (Previously Presented) The system of claim 59, wherein said processing 
further comprising: 

means for forwarding said packet to said higher-level processor if said packet 
requires processing by a higher-level processor. 

71. (Previously Presented) The system of claim 59, further comprising: 
means for dropping said packet if said packet requires dropping. 

72. (Previously Presented) The system of claim 59, further comprising: 
means for forwarding said packet if said packet requires forwarding. 
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73. (Previously Presented) A system comprising: 

means for maintaining a set of access control patterns in at least one associative 
memory; 

means for receiving a packet label responsible to a packet, said packet label being 
sufficient to perform access control processing for said packet; 

means for matching matchable information, said matchable information being 
responsive to said packet label, with said set of access control patterns in 
parallel; 

means for generating a set of matches in response thereto, each said match having 

priority information associated therewith; 
means for selecting at least one of said matches in response to said priority 

information, and generating an access result in response to said at least 

one selected match; and 
means for making a routing decision in response to said access result. 

74. (Previously Presented) The system of claim 73 further comprising: 
means for choosing a first one of said matches. 

75. (Previously Presented) The system of claim 73, further comprising: 
means for determining an output interface for said packet. 

76. (Previously Presented) The system of claim 73, further comprising: 
means for implementing a quality of service policy. 

77. (Previously Presented) The system of claim 73, further comprising: 
means for permitting or denying access for said packet. 

78. (Previously Presented) The system of claim 73, further comprising: 
means for making a preliminary routing decision for said packet. 

79. (Previously Presented) The method of claim 73, further comprising: 
means for determining at least one output interface for said packet. 
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80. (Previously Presented) The system of claim 73, farther comprising: 
means for preprocessing said packet label; and 

means for generating said matchable information. 

81. (Previously Presented) The system of claim 79, further comprising: 
means for performing one or more of an arithmetic, logical, and comparison 

operation on said packet label; and 
means for generating a bit string for said matchable information in response to 
said arithmetic, logical, and comparison operation. 

82. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a field of said packet label with an arithmetic range or mask 

value. 

83. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a source IP port value or a destination IP port value with a 

selected port value. 

84. (Previously Presented) The system of claim 73, further comprising: 
means for postprocessing said selected match to generate said access result. 

85. (Previously Presented) The system of claim 73, further comprising: 
means for accessing a memory in response to a bitstring included in said selected 

match. 

86. (Previously Presented) The system of claim 73, further comprising: 
means for declaring whether to permit or deny access of a set of packets. 
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87. (Previously Presented) The system of claim 73, further comprising: 
means for receiving a sequence of access control specifiers; 

means for translating said sequence of access control specifiers into a sequence of 

access control patterns; and 
means for storing said sequence of access control patterns in said associative 

memory. 

88. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 

89. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 

90. (Previously Presented) A method of processing a packet comprising: 
determining a selected output interface for the packet; 

matching one or more characteristics of said packet with one or more access 
control specifiers in at least one access control element, wherein said 
matching step is performed in parallel with said determining step; and 

processing said packet based on said matching. 

91 . (Previously Presented) The method of claim 32, wherein said one or more 
access control 

specifiers include a label match mask and a label match pattern. 

92. (Previously Presented) The system of claim 46, wherein said one or more 
access control 

specifiers include a label match mask and a label match pattern. 
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